Sunday, May 07, 2006


I watch CBS' NUMB3RS because I find its integration of math and police work interesting, though the stories do tend to be simplistic.

I tivo'd the episode ("Backscatter") that was on this past Friday and sat down to watch it last night. I made it through the first 15 minutes before I gave up, in aggravation.

I was pleased, at first, to see that it focused on cybercrime -- phishing, to be precise. As I have mentioned on this blog, I think that we need to effect a cultural change in order to be able to deal effectively with cybercrime. More specifically, I think we need to make the public aware of the dangers that can lurk online and encourage them to protect themselves from those dangers.

So, I was interested to see that this episode dealt with phishing, which essentially consists of sending emails that are designed to elicit personal/financial information from unwary citizens of cyberspace. The emails usually tell the recipient that his/her bank/credit card account has been compromised and that he/she must contact the institution in question and "reconfirm" their personal information. The emails send the recipient to a fake website that masquerades as a site created by their financial/other institution. The information they provide to the fake website goes directly to cybercriminals who have successfully "phished" for it.

As this episode began, two "hackers" were wardriving to locate an unsecured wireless network that would give them access to credit card numbers. Sure enough, just before they were nabbed they logged into one -- "David's network" -- and began downloading a database of credit card numbers. I have two problems with this, so far: First, it's not phishing; it's hacking, pure and simple. That is, instead of tricking someone out of their credit card information, these guys simply "broke into" a database and attempted to steal the information it contained. My other problem with this part of the portion of the episode I stuck with is the name of the network: Do we really believe that, say, Citigroup or AmEx calls the databases in which they store credit card data by someone's given name? I may be way off base here, but somehow I find that very hard to believe.

But that's only the beginning. The two "hackers," clean-cut American youths, are interrogated and quickly give up the people they're working for . . . who are members of the Russian mob. The American "hackers" got involved with the Russian mob when Russians approached them in a cybercafe located in, I guess, LA, since that is where the show takes place. This is about the point at which I bailed and erased the episode.

I was, at first, pleased to see that a TV show, a network series, was focusing on cybercrime. I was extremely aggravated when it became apparent that the treatment of cybercrime was going to be indistinguishable from the treatment of the other types of crime the show deals with; that is, the indefatigable FBI agents and their clever-albeit-quirky academic support staff were going to be dealing with bad guys who were physically located in their "neighborhood" (LA, California). So instead of having to deal with nameless, faceless cybercriminals who operate remotely from, say, Moscow, the agents and their supporters could deal with these phishers (I assume we got to that point, somewhen) as they deal with all the other bad guys who are featured in the various episodes of the series: They use good old fashioned police work plus a soupcon of advanced math/other scientific knowledge to track them down, probably have a shoot-out or some other physical confrontation, then haul them off, making the world (and cyberspace) secure, once again.

I know I should have stuck with the show, but it was aggravating me and I had something else I wanted to do. Maybe I'll watch it when it's on again, sometimes . . . maybe not.

Seems to me that the message this show sent about cyberspace and the miscreants who lurk there is directly counterproductive: An uninformed viewer who watched the episode would get the distinct impression that, while we do need to be careful when we're online, especially with our personal/financial information, cybercriminals are basically like any other type of criminals. They hang around our neighborhoods, especially cybercafes, and can therefore be identified and apprehended like any other criminal. Bottom line: Don't worry about cybercrime; the FBI has it covered.

That just ain't so.


Anonymous said...

With all due respect, please keep the terms "hacker" and "cracker" distinct. Hackers are the good guys who use their skills and knowledge of computers and programming for good, while Crackers are the bad guys who commit crimes and create malware to cause havoc in cyberspace. The media is notorious for using these terms interchangeably. Someone like yourself who is cyber savvy should help promote the proper use of the terms.


A proud Hacker :)

Susan Brenner said...

You're right on all counts.

Thank you for the comments.